Our certified Internal Security Orchestra

Ask the ordinary person on the street what the abbreviation ISO stands for. Electricians' shorthand for "insulate"? Internal Safety Organism? Internal Security Orchestra? The last one comes close, but of course ISO is the abbreviation for one of the most successful NGOs of all time, namely the Non-Governmental Organization called the International Organization for Standardization.
Founded two years after World War II, ISO now has offices in 164 countries. 23,196 standards have been debated, adopted and are applicable around the globe today. World trade, trade agreements, globalization - we wouldn't have as much to discuss if not for ISO and its famous ISO standards.
Yes, we are now also ISO certified
avvaneo has always invested in security. Nobody would expect otherwise. Every company today, from backend to frontend, from local to the cloud, must be on guard 24/7 to ensure that no fatal error or malicious intruder can cause damage.
So we have integrated state-of-the-art security procedures and perimeter protection from the ground up, and now finally we wanted to be measured officially: How gapless is gapless for us, in reality? This also meant performing a disaster test to uncover any unrecognized gaps in our security systems.
Key cyber security certification completed
Specifically, we commissioned FOX Certification GmbH to audit and certify us in accordance with the ISO/IEC 27001:2013 standard. This standard is considered the most important international certification for cyber security ("information security").
It is not focused on a condition that has just been achieved now and will be outdated in four weeks. Rather, the emphasis is on the processes we use to keep our security permanently up-to-date.
The certification covers all key aspects of secure IT operations – Confidentiality, Integrity and Availability of Data and Systems, including all the steps from Planning and Implementation to continuous Monitoring and any necessary Improvements. In other words: our complete Information Security Management System (ISMS), i.e. all the instruments of avvaneo's "internal security orchestra", was certified.
Our certification also benefits our customers
Standardization does not imply total uniformity, and that holds for us as well. ISO/IEC 27001 first analyzes the specific needs of a company. That is why our certification has as its scope a description of activities, which for avvaneo reads as follows:
"International Development, Consulting and Support to Increase the Automation of Financial Processes using Artificial Intelligence, Analytics and Customized Solutions for medium-sized and international Companies."
For our customers, this is good news. Our certification considers our specific services and customer structure. For example, when we implement software we develop for you, that software is technically clean and tight. It will only do what it is supposed to do. And it has always been tested for security vulnerabilities before your company touches it.
"And did the certification hurt much?"
Of course, ISO certification is no walk in the park. Nor should it be. Nevertheless, we endured the pain of the audit without sedation. One of the reasons we didn't have any major problems with the enormously detailed audit processes is that, as developers of automation for financial processes, we are used to documenting everything as a standard practice.
Documenting well is part of our daily routine. To the extent that "security as part of the corporate culture" is part of the ISO/IEC 27001 certification, employees at every level and in all departments have always been part of this battle. All standard requirements are firmly wired and embedded, and we constantly keep a close eye on everything. Now you, our customers and partners, can rely on us to do so even more.
The 5 points for which we now have letter and seal
- Information security: we manage our information security dynamically, not rigidly: self-monitoring is constantly active, and any need for adjustment is identified and implemented at an early stage.
- Risk minimization: we identify vulnerabilities before they emerge at our customers' or our own sites.
- Information security: if necessary, we can quickly detect and repair the potential consequences of attacks by hackers, data loss or data misuse.
- Security as a Corporate Culture: all standard requirements are part of our daily business and job descriptions.
- Implementation of External Requirements: we also systematically fulfill the criteria of Availability, Confidentiality and Integrity with regard to the requirements of third parties (Customers, Auditors, Partners).